Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented system comprising at least one computing device comprising at least one processor and instructions executable by the at least one processor to cause the at least one processor to perform operations comprising: a) detecting a data flow between a sequence of nodes of a computer network, the data flow associated with a user of the computer network; b) determining a characteristic of the data flow and a characteristic of the user; c) receiving a software application transaction log for the computer network; d) sampling data from the software application transaction log to create a plurality of software application transaction log samples, wherein frequency of the sampling is automatically adjusted responsive to security risk associated with the data flow; e) classifying the data flow responsive to the plurality of software application transaction log samples; f) applying a machine learning algorithm configured to perform predictive path progress analysis in order to determine a level of security risk caused by the data flow responsive to the determined characteristic of the data flow, the determined characteristic of the user, and the classification of the data flow; g) generating a plurality of transaction maps, each transaction map comprising icons representing the nodes of the computer network and the data flow between the nodes over a configurable time interval starting at a point in time and a visual indicator of the level of security risk; h) comparing two or more of the transaction maps representing different time intervals, different points in time, or both to detect a change between the transaction maps; and j) generating an alert notification of the change.
2. The system of claim 1, wherein the operations further comprise: determining a characteristic of at least one of the nodes, wherein the determining of the level of security risk caused by the data flow is further responsive to the characteristic of the at least one of the nodes.
3. The system of claim 1, wherein the data flow is associated with a data source, and wherein the operations further comprise: a) determining a characteristic of the data source; and b) classifying the data flow responsive to the characteristic of the data source, wherein the determining of the level of security risk caused by the data flow is further responsive to the classification.
4. The system of claim 1, wherein the operations further comprise: a) receiving a trace log for the computer network; b) sampling data from the trace log to create a plurality of trace log samples; and c) classifying the data flow responsive to the plurality of trace log samples, wherein the determining of the level of security risk caused by the data flow is further responsive to the classification.
5. The system of claim 4, wherein the operations further comprise: executing, prior to receipt of the trace log, distributed tracing within the computer network to generate the trace log.
6. The system of claim 1, wherein the data flow is detected by using at least one of a user name, a user identifier, a uniform resource locator (URL), a service sequence, a data source, an Internet protocol (IP) address, and a node identifier.
7. The system of claim 1, wherein the operations further comprise: scanning the computer network to discover the sequence of nodes of the computer network prior to detecting the data flow between the sequence of nodes of the computer network.
8. The system of claim 1, wherein the operations further comprise: receiving a standard for data protection, wherein the determining of the characteristic of the data flow and the level of risk caused by the data flow is determined, at least in part, using the standard for data protection.
9. The system of claim 1, wherein determining the characteristic of the data flow includes determining what nodes the data is flowing through.
10. The system of claim 1, wherein the operations further comprise: a) receiving an indication of a threshold level of security risk; and b) executing a remedial action responsively to a determination that the level of security risk is above the threshold level of security risk.
11. The system of claim 1, wherein one or more of the transaction maps further comprises an icon representing the user.
12. One or more non-transitory computer-readable storage media encoded with instructions executable by one or more processors to provide an application comprising: a) a software module detecting a data flow between a sequence of nodes of a computer network, the data flow associated with a user of the computer network; b) a software module determining a characteristic of the data flow and a characteristic of the user; c) a software module receiving a software application transaction log for the computer network; d) a software module sampling data from the software application transaction log to create a plurality of software application transaction log samples, wherein frequency of the sampling is automatically adjusted responsive to security risk associated with the data flow; e) a software module classifying the data flow responsive to the plurality of software application transaction log samples; f) a software module applying a machine learning algorithm configured to perform predictive path progress analysis in order to determine a level of security risk caused by the data flow responsive to the determined characteristic of the data flow, the determined characteristic of the user, and the classification of the data flow; g) a software module generating a plurality of transaction maps, each transaction map comprising icons representing the nodes of the computer network and the data flow between the nodes over a configurable time interval starting at a point in time and a visual indicator of the level of security risk; h) a software module comparing two or more of the transaction maps representing different time intervals, different points in time, or both to detect a change between the transaction maps; and j) a software module generating an alert notification of the change.
13. The media of claim 12, wherein the application further comprises: a software module determining a characteristic of at least one of the nodes, wherein the determining of the level of security risk caused by the data flow is further responsive to the characteristic of the at least one of the nodes.
14. The media of claim 12, wherein the data flow is associated with a data source, and wherein the application further comprises: a) a software module determining a characteristic of the data source; and b) a software module classifying the data flow responsive to the characteristic of the data source, wherein the determining of the level of security risk caused by the data flow is further responsive to the classification.
15. The media of claim 12, wherein the application further comprises: a) a software module receiving a trace log for the computer network; b) a software module sampling data from the trace log to create a plurality of trace log sample; and c) a software module classifying the data flow responsive to the plurality of trace log samples, wherein the determining of the level of security risk caused by the data flow is further responsive to the classification.
16. The media of claim 15, wherein the application further comprises: a software module executing, prior to receipt of the trace log, distributed tracing within the computer network to generate the trace log.
17. The media of claim 12, wherein the data flow is detected by using at least one of a user name, a user identifier, a uniform resource locator (URL), a service sequence, a data source, an Internet protocol (IP) address, and a node identifier.
18. The media of claim 12, wherein the application further comprises: a software module scanning the computer network to discover the sequence of nodes of the computer network prior to detecting the data flow between the sequence of nodes of the computer network.
19. The media of claim 12, wherein the application further comprises: a software module receiving a standard for data protection, wherein the determining of the characteristic of the data flow and the level of risk caused by the data flow is determined, at least in part, using the standard for data protection.
20. The media of claim 12, wherein determining the characteristic of the data flow includes determining what nodes the data is flowing through.
21. The media of claim 12, wherein the application further comprises: a) a software module receiving an indication of a threshold level of security risk; and b) a software module executing a remedial action responsively to a determination that the level of security risk is above the threshold level of security risk.
22. The media of claim 12, wherein one or more of the transaction maps further comprises an icon representing the user.
Unknown
April 1, 2025
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.